SoylentNews is people
SoylentNews
It turns out that Lenovo has code in their BIOS which creates and maintains a backdoor executable in Windows 7 and Windows 8.x installs. Simply wiping the machine when you bring it home to remove the factory crap-ware is not enough to overcome this implementation. This issue is supposed to have been resolved via a recently released patch that doesn't remove but rather disables this 'feature' which is being called the Lenovo Service Engine.
Original Source for the news:
http://arstechnica.com/civis/viewtopic.php?p=29497693&sid=ddf3e32512932172454de515091db014#p29497693
Link to patch:
https://support.lenovo.com/us/en/product_security/lse_bios_notebook
This exploit takes advantage of a Windows feature called Windows Platform Binary Table. This is essentially a method created for the purpose of enabling UEFI bioses to load extra binaries at boot time.
link to paper on WPBT:
http://feishare.com/attachments/article/298/windows-platform-binary-table.pdf
(Score: 3, Informative) by Tork on Thursday August 13 2015, @12:12AM
🏳️🌈 Proud Ally 🏳️🌈
(Score: 2) by TheGratefulNet on Thursday August 13 2015, @12:42AM
"It turns out that Lenovo has code in their BIOS which creates and maintains a backdoor executable in Windows 7 and Windows 8.x installs."
that is the fallacy of inclusion; it implies that all lenovos have this problem and that's just not true (at least lenovo's support site does not list a single thinkpad on this).
'lenovo' does not have code in their bios, the CONSUMER LAPTOPS BY LENOVO - and even then - its the models on the list - that is at fault.
it did not take much to learn that its not all lenovos. why can't the editors make headlines that are NOT click-bait? I do expect more from this site. slash, sure, they are a lost cause, but I would hope people would offer less sensationalistic HL's here.
"It is now safe to switch off your computer."
(Score: 5, Insightful) by Phoenix666 on Thursday August 13 2015, @01:11AM
It's August, people are on vacation, and the editors did just put out a cal for help. Perhaps you could answer that call and do the deep dive on all the submissions you're expecting. Slashdot editors do get paid. It's the friends and family of the Soylent editors who pay because they're busy maintaining a site and submission queue instead of spending more time with them. You might consider paying them with help, or gratitude, or at least a little understanding.
Pointing out it was not all models of lenovo would have been sufficient and served the purposes of the discussion and community without knocking the editors.
Washington DC delenda est.
(Score: 3, Informative) by quadrox on Thursday August 13 2015, @07:22AM
Seriously, you are overreacting.
Yeah it's not quite as accurate as it could be, but in the end the result is the same. It doesn't matter if lenovo only fucks over some of their customers or every last one of them - the fact that they are doing this at all is what's important.
Which particular models are affected is a footnote compared to the overall story.
(Score: 0) by Anonymous Coward on Thursday August 13 2015, @08:36AM
The fallacy is on your side. Nowhere, I repeat, NOWHERE does the text state, or even imply, that all Laptops are affected. That wrong conclusion is completely yours.